Network Intrusion Detection Systems

What We Do

Information Security and Policy (ISP) operates several "Intrusion Detection Systems" (IDS) to detect and respond to information security incidents involving computers connected to the campus network. These automated systems monitor and analyze network traffic and generate alerts in response to activity that either matches known signatures for malicious activity or is anomalous. Alerts are reviewed by ISP security analysts, and, if warranted, notifications are sent to designated security contacts for investigation and remediation.

Why We Do It

Information Security and Policy offers IDS services because hosts connected to the campus network are frequently compromised by hackers. It is much easier for a computer to be compromised than most people understand. Even casual web browsing to legitimate sites with a vulnerable browser can result in a compromise, and anti-malware software is increasingly ineffective at preventing these compromises.

Once compromised, the system is a serious threat to the campus network. Some of the negative consequences of compromised systems on our network include:

Loss of valuable information resources, such as research data

Exposure of personal information and university data assets

Use as a platform for criminal activity and attacks on other systems

Reputational damage and legal/financial liability

Blocking/blacklisting of campus network space from other internet resources

By detecting intrusions and requiring remediation, we remove these threats from the campus network. This helps to create a safe and secure environment for university electronic resources.

Who Benefits

All network traffic crossing one of our tapping locations is monitored, so all members of the campus community with devices and data connecting to the Internet can benefit from our services. This includes:

Researchers using the network for storage and transmission of research data